- From: Chaals McCathie Nevile <chaals@yandex-team.ru>
- Date: Thu, 07 Apr 2016 15:22:48 +0200
- To: w3c-wai-ig@w3.org, "Daisuke MIYAMOTO" <daisu-mi@nc.u-tokyo.ac.jp>
On Thu, 07 Apr 2016 15:03:00 +0200, Daisuke MIYAMOTO <daisu-mi@nc.u-tokyo.ac.jp> wrote: > Thanks Chaals, > >>> I'm working on phishing prevention, and am concerned with >>> accessibility for people with disabilities. I'm afraid but >>> many security information, e.g., address bar colored green, >>> is really important for distinguishing legitimate sites, but >>> individuals with visual impairment are hard to recognize it. > (snip) >> Normal browser security indicators in toolbars are only sometimes >> available to screenreaders. >> >> But browsers often put up a warning page when a user tries to navigate >> to something marked as malware by a browser, and that page is generally >> "reasonably" accessible to screen reader users. > > Yes it is right when a browser succeeded to identify malicious entities. > I'm afraid but some phishing sites will be shown to users > even they use the latest version of browser and security software. True, but this is the case for all users. >> I think the common problems are: >> >> 1. email-based attacks, as you note. I believe some webmail services >> provide some protection from attachments, but I am not sure if dedicated >> email clients do the same. >> >> 2. Normal websites, that ask for sensitive information such as passwords >> which can be used to spend real money, on pages that are not secure. In >> many cases screen reader users don't *know* whether the page is secured. >> >> As well as providing shortcuts to security information - which can be >> done in browsers today - having the ability to state the security state >> in the title of the page, so it cannot be faked by the page itself, >> would be a simple technique for browsers to implement. > > Yes. The shortcut for accessing security information is usually appeared > as visual elements. I think, keyboard shortcut will be of benefit for > people with visual impairment. The point of having it in the title is that it gets announced in advance - roughly equivalent to having a visual indicator. I agree that being able to explicitly navigate to the information and check is *also* useful, but normally people don't do that. One more aspect of using a screen reader and coming across a phishing site is that they are normally built to look like another site. But there may be cases where the accessibility is quite different, and this should act as a not-very-reliable alert to a screen reader user that something is not right. cheers Chaals -- Charles McCathie Nevile - web standards - CTO Office, Yandex chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Thursday, 7 April 2016 13:23:27 UTC